FinTech Regulatory Challenges and Financial Crime Exposure

Transcription

1 FinTech Regulatory Challenges and Financial Crime Exposure

2 02

3 FinTech Regulatory Challenges and Financial Crime Exposure Introduction 04 Regulatory background and outlook 06 FinTech andfinanvcial Crime 14 How Deloittecan support 16 Your Contacts 18 03

4 Introduction Financial Technology ( FinTech ) defined as technologically enabled financial innovation that could result in new business models, applications, processes or products with an associated material effect on financial markets and institutions and the provision of financial services 1 has become a fast growing business area, affecting the banking industry not only as a whole, but specifically with regard to conventional business models, risks and activities. The potential of increasing efficiency, reducing costs, improving access to and the delivery of financial services makes FinTech business so attractive. Those financial services mostly come together with technology and include but are not limited to the following: peer-to-peer lending ( P2P ), online payments, foreign exchange services, digital wallets, e-money, automated or robo investment advice, big data, etc. making financial services for the customer faster, more convenient and cheaper. In 2017, the number of all German FinTech companies rose to 700 and 4% of German start-ups were FinTech start-ups in Overall, the FinTech industry in Germany stands out with an average growth rate of 33% per annum over the last 10 years 2. In light of the recent developments, mainly because the range of financial innovations, the prevalence of their use and their pace of evolution have increased substantially, regulators are challenged to keep pace with the technological developments and to continuously assess the adequacy of regulatory frameworks. It is especially demanding to ensure that regulation and supervision allow FinTechs to execute their business models without sapping the customer protection, the playing field, the integrity of the financial markets and the overall stability of the financial system as a whole. Because of those rapid progressions and accompanying regulatory challenges, the combination of regulation and technology, called RegTech, evolved and is a great opportunity that comes with the innovative era. According to Alan Meaney, CEO and co-founder of the company Fund Recs 3, RegTech is another example of an industry that is being changed rapidly by software just like FinTech 4. Such RegTech businesses make use of new technologies in order to provide completely new approaches to old systems and processes. RegTech services provide the necessary agility and speed required to efficiently handle the flood of new regulations and use standardized approaches to account for the unique nature of different kinds of data. FinTech and RegTech are closely connected as FinTech often utilizes RegTech solutions in order to efficiently cover and monitor regulatory requirements. In addition, non-innovative financial service institutions are encouraged to cooperate with FinTech as well as RegTech providers in order to benefit from the innovative knowledge and implementing speed that is existent in such businesses. In this context, it is important that banking standards and supervisory expectations are adapting to innovations on the one hand, but are also maintaining suitable prudential standards on the other hand. Next to a myriad of positive aspects evolving through the growth of FinTech businesses, new risks and challenges are emerging as well. Specifically regarding anti-money laundering ( AML ) and counter terrorist financing ( CTF ) activities, new business models offering financial products (e.g. virtual cryptocurrencies) or new technologies such as blockchain raise vulnerabilities and weaknesses that cannot be neglected by regulators and supervisors. Digital finance evokes an increased number of financial players and easier handling as well as anonymous execution of cross-border transactions, which cause a more complex transaction monitoring for financial institutions and public authorities. Some of those financial players may be outside the scope of the banking sector regulation and therefore are not subject to or are at least less affected by prudential AML/ CTF rules and regulations compared to traditional financial institutions. Consequently, regulatory gaps or loopholes open up to new potentials for financial crime-activities. For example, abusive activities have recently been identified as part of the video identification process: fraudsters were able to manipulate online job applications via the ebay platform so that the victims found themselves unknowingly in the middle of a 04 1 Working definition of the Financial Stability Board, Financial Stability Implications from FinTech Supervisory and Regulatory Issues that Merit Authorities Attention, p.7, June 27, Germany Monitor (Deutsche Bank Research), German FinTechs on the rise: A mixed blessing for banks, beneficial for clients, July 25, Fund Recs was founded in 2013 offering a reconciliation platform for the Funds Industry. 4 Deloitte, RegTech is the new FinTech - How agile regulatory technology is helping firms better understand and manage their risks, 2016.

5 FinTech Regulatory Challenges and Financial Crime Exposure bank account opening process. Thus, the applicants helped the fraudsters stay unrecognized and to misuse a newly opened bank account for money laundering activities. In addition, tests demonstrated that it is possible to open an account with fake identification document ("ID") cards, and that concise security features of ID cards are sometimes not recognized during video identification processes. National as well as international organizations such as the European Union ( EU ) and the Financial Action Task Force ( FATF ) need to create financial crime related regulations and guidance in order to appropriately cover and counteract the emerging risks, specifically with regard to AML and CTF. However, in spite of emerging risks, innovative technologies imply positive aspects as well as they promote competition, increase transparency and efficiency and offer access to payment services, credit or equity 5. 5 Bundesanstalt für Finanzdienstleistungsaufsicht; FATF-Konferenz in Berlin: FinTech und RegTech im Fokus ; Citation by Jens Spahn, former Parliamentary Secretary of the Federal Ministry of Finance; October 9,

6 Regulatory background and outlook Background on regulatory developments and initiatives In contrast to certain governments focusing on promoting innovation as a top priority, regulatory requirements have been found to be lagging behind. Most of the regulators across Europe 6 have recently demonstrated their support by publishing new regulatory actions and activities within financial services. It needs to be understood that the regulators issuing policies are just as concerned with consumer protection, market integrity, and financial inclusion as they are with promoting innovation or competition. The following section outlines the development of the most important regulatory initiatives of the last few years: 10/2014 Financial Conduct Authority ( FCA ) Authorization and regulatory sandbox regimes In response to the rapid developments of FinTech businesses, many authorities 7 have implemented so-called regulatory sandboxes, which can be defined as frameworks that offer a testing environment for new technologies within controlled environments. The FCA in the UK was the first supervisory authority supporting the testing environment under close guidance and supervision starting in However, there are also strict opponents of this regulatory initiative as special treatment also bears some negative consequences, such as the damage of reputation of the companies concerned and the accompanying risks that emerge in a less controlled environment. The German president of the Bundesanstalt für Finanzdienstleistungsaufsicht ( BaFin ), Felix Hufeld, is strictly against the concept of regulatory honeymoon as the BaFin follow the creed same business model, same risk, same rules Financial Conduct Authority ( FCA ); Autorité des Marchés Financiers ( AMF ); Autorité de Contrôle Prudentiel et de Résolution ( ACP ), Bundesanstalt für Finanzdienstleistungsaufsicht ( BaFin ), Commission de Surveillance du Secteur Financier ( CSSF ), the Netherlands Authority for the Financial Markets ( AFM ); De Nederlandsche Bank ( DNB ), the European Commission ( EC ) and Parliament, the European Central Bank ( ECB ) and the European Securities and Markets Authority ( ESMA ). 7 E.g. in Australia, Hong Kong, Korea, Malaysia, Singapore, Thailand, and United Kingdom ( UK ).

7 FinTech Regulatory Challenges and Financial Crime Exposure BaFin Notes on FinTech business models There are no relieving conditions or rules for FinTech businesses in Germany. In 2016, the BaFin published Notes on FinTech business models in which six different business models together with supervisory information/ guidelines are presented. On the BaFin website, the business models are listed and specific permission guidelines are openly accessible. It offers a contact form, in which FinTechs and start-ups can introduce themselves and ask specific questions regarding permission and obligation matters. Several requirements have to be included in the authorization application. Therefore, each business model is individually analyzed and the degree of regulatory supervision 8 evaluated accordingly. Robo-advice for example is prohibited without the previous permission by BaFin according to the German Banking Act 9. In comparison to other European regulators, the BaFin follows a strict and controlled regulatory approach in order to minimize the risks that emerge through new business models. However, regulation can sometimes also be seen as an export good interestingly, countries such as Austria and Luxembourg have introduced video identification procedures to their regulatory framework after countries such as Germany introduced such regulatory technology. Still, Germany needs to make sure that due to strict regulatory requirements, no race to the bottom will be experienced as some FinTech businesses have already transferred their registration location to different European countries. Too much regulation can prevent successful and fast-growing businesses, which may have a negative impact on the business (reputation) itself but also on customers who invested in such companies. A unified and homogenous regulatory supervision framework for FinTech businesses across Europe will be ultimately the best practice approach for all stakeholders. 10/ /2017 FATF Position on FinTech and RegTech The first FATF roundtable on FinTech and RegTech was held in Paris in February 2017 in order to make sure that AML/ CTF related measures remain up-to-date during the emergence of risks and vulnerabilities of new payment products and services. Multiple stakeholders were present and the discussion included the practical impact on AML/ CTF standards on financial innovations and different approaches, always having the goal to support innovative business models and technologies while diminishing the respective risks. In November 2017, the FATF published the FATF position on FinTech and RegTech, expressing their strong support of financial innovation that is in line with AML/ CTF requirements 10. The FATF aims to increase the knowledge of how already existing obligations can be adopted and applied to new technologies, products, services, etc. in order to enhance the collaboration of governments and the private sector. Its most important goal is to allow further developments of financial innovation without neglecting emerging risks and vulnerabilities. Digital identity can be seen as a benefit of the fast growing technological innovation era as it has the potential to streamline customer due diligence processes, reduce compliance costs and improve financial inclusion. Such technology is typically based on blockchain or distributed ledger technology ( DTL ) ensuring a secured, easily accessible and legitimate audit trail. It enables consumers to limit the sharing of their identity with only entities of trust. For regulators as well as financial institutions, the digital identification have the advantage of reducing fraud opportunities and improving compliance processes and service delivery at the same time. At present, the FATF focuses on reviewing different approaches of different countries regarding the digital identification in order to discuss potential policy implications a report is expected by the end of Authorization obligation Kreditwesengesetz ( KWG ): Anyone wishing to conduct banking business or to provide financial services in Germany commercially or on a scale which requires commercially organised business operations needs written authorisation from BaFin; section 37 (4) of the Act on Administrative Procedures shall apply. 10 Financial Action Task Force, International Standards on combating money laundering and the financing of terrorism and proliferations The FATF Recommendations,

8 European Banking Authority ("EBA") Discussion paper The EBA published a so-called Discussion Paper, which aims at presenting a holistic approach towards the FinTech sector. It outlines the results of the first EU-wide FinTech mapping exercise 11 and its recommendations for future work within this area. Overall, the EBA concluded that there are more than 1,500 FinTech businesses within the 22 member states and 2 states from the European Economic Area ( EEA ) that were part of the survey. Interestingly, 31% of the participating FinTech companies are not subject to any regime when it comes to the regulatory status. 18% are classified as payment institutions that are subject to the Payment Service Directive ( PSD ) whereas 11% are investment firms that are regulated by the Markets in Financial Instruments Directive 2004/39/EC ( MiFID ). The fact that there are FinTech businesses that are subject to national authorization or registration regimes means that there are potential EU-wide differences when it comes to the treatment of FinTechs. In addition, the high percentage of FinTechs that are not subject to any regime displays a strong need for further investigation not only of activities of such businesses, but also whether there may be regulatory arbitrage or potential consumer protection risks. As a result of the mapping exercise, the EBA came up with several work areas that should enjoy highest attention: (1) authorization and sandboxing regimes; (2) the impact on prudential and operational risks for credit institutions; (3) electronic money institutions and payment institutions; (4) the impact of FinTech on the business models of these institutions; (5) consumer protection and retail conduct of business issues; (6) the impact of FinTech on the resolution of financial firms; and (7) the impact of FinTech on AML/ CTF. 08/ /2018 Basel Committee on Banking Supervision ( BCBS ) Implications of FinTech developments for banks and supervisors In February 2018, the BCBS published Implications of FinTech developments for banks and bank supervisors, which outlines risks and opportunities associated with FinTech business models. With regards to the impact on banks and the banking systems, the paper lists the following risks and opportunities: Risks Strategic and profitability risks Cyber risk Increased interconnectedness between financial parties High operational risk systemic and idiosyncratic third-party/ vendor management risk Compliance risk including failure to protect consumers and data protection regulation Money laundering terrorism financing risk Liquidity risk and volatility of bank funding sources European Banking Authority, Discussion Paper on the EBA s approach to financial technology (FinTech), August 4, 2017.

9 FinTech Regulatory Challenges and Financial Crime Exposure European Central Bank ( ECB ) Guide to assessments of FinTech credit institutions license application In March 2018, the ECB published two guidelines concerning the assessment of licence applications and FinTech credit institution licence applications. Specifically the latter guideline outlines the licence application requirements for bank business models offering the production and delivery of banking products and services based on technology-enabled innovation 12. The underlying policies in place for licensing banks within the Single Supervisory Mechanism ( SSM ) can also be applied to FinTech banks. The ECB wants to ensure that such FinTech banks are properly authorised and equipped with efficient risk control frameworks that prepare them for risks arising within their field of operation. According to the ECB, FinTech banks should be treated by the same standards as all other types of credit institutions. Policies, practices and processes described in the guideline are not legally binding; instead, they should be used as a practical tool fostering transparency for prospective FinTech applicants about the application process and the assessment conducted by the ECB. 03/2018 Opportunities Improved and more efficient banking processes Innovative use of data for marketing and risk management purposes Potential positive impact on financial stability due to increased competition Specifically with regard to AML/ CTF risks, the BCBS points out that new areas of vulnerabilities may develop due to new financial products, such as virtual cryptocurrencies or new technologies. On the other hand, new technologies can also demonstrate a valuable benefit and greater efficiency for AML/ CTF policies. RegTech 12 European Central Bank; Guide to assessments of FinTech credit institutions licence applications ; March

10 European Commission ( EC ) Action plan In March 2018, the EC published an action plan 13 outlining the opportunities accompanying technology-enabled innovation in financial services. In order to become a global hub for FinTech, the EC informed about a first major deliverable, helping crowdfunding platforms to grow access to Europeans single markets. According to Valdis Dombrovski, Vice President in charge of Financial Stability 14, to compete globally, Europe's innovative companies need access to capital, space to experiment and scale to grow. This is the premise for our FinTech Action Plan. [ ]. The proposition of issuing crowdfunding passports displays an effort by the EC to drive growth in the financial technology market and to help FinTechs expand all over Europe. FinTech businesses aiming at providing crowdfunding services will receive a crowdfunding license from the European Securities and Markets Authority ( ESMA ) that covers up to one million euro over the course of a year 15. In case businesses are planning to raise more money, FinTechs are covered by the EU s existing securities rules. Such passports or licenses have the benefit that crowdfunding platforms will solely need to comply with one set of rules instead of rules made by different regulatory regimes and authorities no matter if they operate within their home market or other European countries. Amongst others, the action plan includes initiatives such as hosting an EU FinTech Laboratory, creating an EU Blockchain Observatory and Forum, running workshops regarding cybersecurity and presenting a blueprint with best practices on regulatory sandboxes. Specifically the last point, blueprint on best practices on regulatory sandboxes is based on the European Supervisory Authorities ( ESA ). The EC aims at providing best practice guidelines in order to help member states organizing their sandboxes as well as to demonstrate the activities that are of concern for such FinTech businesses. 03/ /2018 Global Financial Innovation Network ( GFIN ) Together with 11 financial regulators and related organizations 16, the FCA has publicized the foundation of the GFIN 17 in August The merger of influential supervisory bodies is to create a global sandbox and to build a network that provides a comfortable environment for innovative firms to interact with regulators and to allow the trial of cross-border solutions. In addition, the network acts not only as a common forum for joint work and discussions, but specifically helps regulators to collaborate and share experiences, business models, new ideas and approaches. It is specifically new at this regulatory stage, to have a platform that allows a testing environment for innovative financial services, which fall under more than one area of supervision, e.g. Initial Coin Offering ( ICO ). Until October 2018, members were allowed to give feedback on the consultation 18 concerning views on the GFIN mission statement, the proposed functions as well as the prioritized activities, all leading to agreements about next steps and timelines European Commission, FinTech Action plan: For a more competitive and innovative European financial sector, March 8, European Commission, FinTech: Commission takes action for a more competitive and innovative financial market, March 8, 2018; Citation from Vice-President responsible for Financial Stability, Financial Services and Capital Markets Union at the European Commission. 15 Financial Stability, Financial Services and Capital Markets Union, Commission proposal for a regulation on European crowdfunding services providers, March 8, Abu Dhabi Global Market, Autorité des marchés financiers, Australian Securities & Investments Commission, Central Bank of Bahrain, Bureau of Consumer Financial Protection, Dubai Financial Services Authority, Financial Conduct Authority, Guernsey Financial Services Com mission, Hong Kong Monetary Authority, Ontario Securities Commission, Consultative Group to Assist the Poor. 17 Global Financial Innovation Network, Consultation Document, August

11 FinTech Regulatory Challenges and Financial Crime Exposure 11

12 Outlook on regulatory developments and initiatives FinTech knowledge hub As part of the roadmap 19, the EBA is to establish a FinTech knowledge hub in order to keep track of all technologically led developments and trends in financial services. It is important to monitor the impact of FinTech on the financial service industry and to observe business models and other emerging aspects within this area, such as identifying developing trends and promoting knowledge. The knowledge hub further enhances the exchange and engagement between traditional banking institutions and FinTech businesses. It is the goal of the EBA to learn from the experience and knowledge of European authorities and to interact with different supervisory bodies such as the EU and national institutions. The EBA also mentioned that the assessment of current authorization and licensing approaches is the priority within the next year in order to come up with best practices and a consistent approach across Europe. EBA s chairperson, Andrea Enria, underlines the importance of such a knowledge hub by saying The EBA's Knowledge Hub will ensure that EU supervisors share best practices and adopt a technologically neutral approach to the application of new technologies in the financial sector. This will help facilitate innovation and scalability across the single market. 20 To protect organisations and society from the impact of Financial Crime, a holistic forward thinking, and integrated approach recognizing the new realities of Financial Crime is needed The EBA published a FinTech roadmap in March 2018, which sets out the priorities for 2018/19 based on the feedback of the discussion paper from August European Banking Authority, EBA publishes its Roadmap on FinTech, March 15, 2018.

13 FinTech Regulatory Challenges and Financial Crime Exposure RegTech technology using automated processes to facilitate compliance with regulation As a consequence of the rapid developments of FinTech business models and the accompanying regulatory challenges, the combination of regulation and technology, called RegTech, evolved and represents a fast expanding field as well. RegTech is a technology that seeks to provide a nimble, configurable, easy to integrate, reliable, secure, and cost-effective regulatory solution" 21 by means of cognitive technologies and enhanced analytics that ultimately help financial institutions to comply with regulatory requirements. Such solutions may include the automation of due diligence or the usage of data that are tailored to a risk-based approach by means of artificial intelligence and machine learning. In contrast to FinTech, RegTech is not as customer-oriented; instead, it is or will become a necessity for banks in order to give more attention to the regulatory requirements and compliance issues. With regard to AML/ CTF prevention measures, RegTech offers a variety of fraud detection technologies that allow companies to identify and evaluate relationships between huge data files and datasets. One of the main areas that benefit from RegTech solutions is the AML prevention by means of customer onboarding and maintenance technologies that enable sharing customer related documents across regulated institutions or machine learning that ensures a quick discovery of trends and suspicious individuals/ institutions or transactions. Advanced analytics technologies such as Neuro-Linguistic Programming ( NLP ) offer fully automating (currently manually performed) processes for e.g. enhanced due diligence ( EDD ) and adverse media search activities. Complex areas or decision-making are not solely dependent on human operators anymore but rather supported by smart (even using artificial intelligence) technology-based machines. One may say that the best way to ensure compliance with complex rules and regulations is to automate, however, the professional human judgment based on human experience and expertise can never be fully abandoned. 21 Deloitte RegTech is the new FinTech How agile regulatory technology is helping firms better understand and manage their risks ;

14 FinTech and Financial Crime Undoubtedly, the technical innovation has transformed the financial service industry by offering new products and services that facilitate and improve the encompassing financial industry experience, however the key financial crime threats and vulnerabilities such as cyber-attacks (online fraud) or account manipulations remain the same. Criminals and terrorists still strive at taking advantage of newly established financial services or business models, specifically finding the loopholes that allow financial crime activities. Financial crime generally refers to any kind of crime or misconduct including: fraud or dishonesty; bribery & corruption; cybercrime; money laundering; economic and trade sanctions; tax evasion; market abuse (insider trading, market rigging/ collusion); handling the proceeds of crime; and conducting breaches. The importance of regulatory supervision concerning innovative services and products was emphasized by the introduction of the 4th EU AML Directive, which was implemented into national law in June Virtual currencies 22 and electronic money 23 are taken into account for the first time and exchange services for virtual currency must be regulated for AML purposes by member states 24. Article 13 of the directive supports the development of new technological services e.g. for electronic customer identification purposes by stating that the customer identification and verification process must be performed based on documents, data or information from a reliable and independent source. This includes, where available, electronic identification means, relevant trust services as set out in Regulation (EU) No 910/2014 or any other secure, remote or electronic, identification process regulated, recognized, approved or accepted by the relevant national authorities. Another regulatory initiative is the Revised Directive on Payment Services ( PSD2 ) which generally aims at establishing a safer online payment environment while at the same time promoting the development and usage of innovative online and mobile payments. The following aspects with regard to authentication measures can be found within PSD2: requirements for a strong customer authentication and secure communication; elements which dynamically link transactions to specific amount and specific payee; and clear synergy with the 4th AML Know Your Customer ( KYC )/ Customer Due Diligence ( CDD ) requirements. There are several challenges that regulators are facing when it comes to defining regulatory guidelines and supervisory controls for FinTech businesses. First of all, regulators find themselves in an ambivalent position, in which they want to promote and support financial innovation (harness the benefits) while keeping an eye on the emerging risks that come along with new business models (mitigate potential financial, non-financial and operational risks). In addition, it is quite difficult for regulators to come up with a standard regulatory framework as the regulatory approach depends on the definition of terms. Depending on how the overall term FinTech is defined in combination with the definition of innovation, regulators may have to set a more/ less strict basis of regulatory guidance that is in line with the challenge that a number of FinTech business models are not captured within regulatory frameworks. Banking licenses are currently aiming at banking activities such as deposit-taking or lending businesses. However, FinTechs with limited banking activities are not yet in scope of regulatory initiatives or supervision. The fact that there are multiple FinTech business models that fall outside the regulatory perimeter in turn entails that there is only limited data available on FinTechs that help regulators to monitor and report on developments and trends Article 3 (18) 4th EU AML Directive. 23 Article 3 4th EU AML Directive. 24 Article 3 (18) & 2 (1) 4th EU AML Directive.

15 FinTech Regulatory Challenges and Financial Crime Exposure 15

16 How Deloitte can support In order to identify all potential risks and vulnerabilities that come along with new FinTech business models and to efficiently allocate resources to mitigate identified risks, a financial crime risk assessment is to be conducted for each business model. For financial institutions, the benefits of a risk assessment include amongst others the dialogue with stakeholders and the compliance with regulatory requirements. Furthermore, it prevents reactive actions costs that are typically much higher than issuing budget costs that allow a pro-active action plan to be executed. In addition, the risk assessment offers a baseline measure of overall financial crime risks and facilitates the establishment of an informed risk appetite. The financial crime risk assessment evaluates quantitative and qualitative risk factors to FinTechs against mitigating controls to assess inherent and residual risk at the business unit and/or enterprise level and follows a 3-phase approach: Fig. 1 Deloitte's 3-Phase Approach Phase 1 Assessment of inherent risk Phase 2 Assessment of mitigating controls Phase 3 Calculation of residual risk Objective Measure the risk of the FinTech business (and its individual business units) based on its business activities, irrespective of any controls. Measure the effectiveness of activities put in place to protect against the materialization of risk or to ensure that risk factors are immediately identified. Adjust the inherent level of risk calculated in Phase 1 in light oft he mitigating controls implemented and assessed in Phase 2 in ordert o determine the residual risk rating. Process Distribute quantitative and qualitative risk questionnaires to business stakeholder to collect quantitative and qualitative data for all inherent risk areas. Input the data collected into a risk assessment tool designed to calculate quantitative and qualitative risk metrics. Distribute control questionnaires to bank stakeholders (e.g., compliance, operations) to collect data for control areas. Input the data collected into a risk assessment tool designed to calculate controls metrics. Use defined residual risk thresholds to calculate overall residual risk ratings using the overall inherent risk rating and overall controls rating. Outcome Inherent risk ratings for each risk area. An overall inherent risk rating and an aggregate risk score. Controls ratings for the control areas. An overall controls rating. An overall residual risk rating and an aggregate risk score. 16

17 FinTech Regulatory Challenges and Financial Crime Exposure Based on the results of the risk assessment, the management identifies gaps in the bank s compliance program, mainly within the AML, CTF and sanctions sector, and develops an action plan on how to address the identified gaps and weaknesses. Furthermore, the results of the risk assessment become an integral part of the compliance program by guiding the ongoing customer due diligence, transaction monitoring, customer risk rating, training, independent testing/ audit, resourcing and other elements of the program. In addition, the following financial crime services are offered to outsmart criminals through industrialized, standardized and repeatable innovative solutions, technology and analytics as well as to mobilize tailored global expertise with local business insights: Fig. 2 Financial Crime Services offered by Deloitte Regulatory Strategy Policy, Risk Assessment Tools Programme Implementation & Optimization Regulatory Response Reporting and liaison with competent authorities Health Checks Regulatory advise regarding supervisory requirements Regulatory Strategy Analysis of legislation Gap analysis Regulatory Response Financial Crime Activity Policy, Risk Assessment Tools Governance, sustainable Financial Crima models Policy & standards Risk assessments Programme Implementation & Optimization System optimization Operational day-to-day business support Training Cultural change Financial Crime Financial Crime Activity Investigation of fraud cases Document review 17

18 Your Contacts Matthias Rode Financial Advisory Lutz Knop Audit & Assurance Thomas Kurth Audit & Assurance Sabine Schwarz Audit & Assurance Jennifer Rabener Financial Advisory Antonia Foehse Financial Advisory 18

19 FinTech Regulatory Challenges and Financial Crime Exposure 19

20 This communication contains general information only not suitable for addressing the particular circumstances of any individual case and is not intended to be used as a basis for commercial decisions or decisions of any other kind. None of Deloitte GmbH Wirtschaftsprüfungsgesellschaft or Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the Deloitte network ) is, by means of this communication, rendering professional advice or services. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. Please see for a more detailed description of DTTL and its member firms. Deloitte provides audit, risk advisory, tax, financial advisory and consulting services to public and private clients spanning multiple industries; legal advisory services in Germany are provided by Deloitte Legal. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte s approximately 286,000 professionals are committed to making an impact that matters. Issue 11/2018